On Fri, Jun 05, 2020 at 10:29:56AM +1000, Herbert Xu wrote:
> On Fri, Jun 05, 2020 at 10:28:58AM +1000, Herbert Xu wrote:
> >
> > Hmm, the selection list doesn't include CTR so just adding SEQIV
> > per se makes no sense. I'm not certain that we really want to
> > include every algorithm under the sun. Steffen, what do you think?
>
> Or how about
>
>         select CRYPTO_SEQIV if CRYPTO_CTR
>
> That would make more sense.
>
> Cheers,

There's also a case where "seqiv" is used without counter mode:

net/xfrm/xfrm_algo.c:

{
        .name = "rfc7539esp(chacha20,poly1305)",

        .uinfo = {
                .aead = {
                        .geniv = "seqiv",
                        .icv_truncbits = 128,
                }
        },

        .pfkey_supported = 0,
},

FWIW, we make CONFIG_FS_ENCRYPTION select only the algorithms that we consider
the "default", and any "non-default" algorithms need to be explicitly enabled.

Is something similar going on here with INET_ESP and INET_ESP6? Should "seqiv"
be considered a "default" for IPsec?

- Eric